[OVAL DEVELOPER] Clarification about priority entity

David Solin solin at jovalcm.com
Thu Apr 14 11:57:17 EDT 2016


Hi Dragos,

Thanks for bringing up this issue.

I can say that there appears to be no equivalent on AIX, HP-UX, Solaris, BSD or MacOSX to the ‘priority’ Standard Format Specifier.  The ps command on all versions of Unix (including Linux) do, however, have specifiers for both ‘pri’ (for priority) and ‘nice’.  The ‘nice’ identifier gives you a value that can be feed into the nice command.

On Linux it seems you can generally compute the ‘pri’, ‘nice’, and ‘priority’ values from one-another (note, however, that many possible pri and priority values are out-of-range for ‘nice’, and also not that these conversions DO NOT HOLD for other Unix variants, or if it does, the rules seem to depend on the scheduling class):
nice = priority - 20
pri = 39 - priority

As you said, the OVAL specification isn’t very precise about what we are supposed to collect for the priority entity, it merely says:
"This is the scheduling priority with which the process runs. This can be adjusted with the nice command or nice() system call.”

To me, this suggests we should collect the ‘nice’ value.  That means sometimes it will be impossible to collect a value, as with certain system processes on Solaris (pids 0, 2 and 3), or processes with out-of-bounds values for nice.

OTOH, perhaps the ‘pri’ value would be more useful.  In the man page for ps on HP-UX, the specifier is described: “The priority of the process.  The meaning of the value depends on the process scheduling class…”  So, since the process_item also collects the scheduling class, perhaps it makes the most sense to collect the ‘pri’ specifier.  (Then again, there is apparently no such thing as a process scheduling class on MacOSX or BSD.)

Finally, we could come up with complicated rules about what value we should collect on which Unix variant, even potentially for what scheduling class, but that would be a horrible mess.

Does anyone else have any thoughts?

Best regards,
—David Solin

David A. Solin
Co-Founder, Research & Technology
solin at jovalcm.com <mailto:solin at jovalcm.com>
 <http://jovalcm.com/>
  <https://www.facebook.com/jovalcm> <https://www.linkedin.com/company/joval-continuous-monitoring>
> On Apr 12, 2016, at 5:39 PM, Prisaca, Dragos (Assoc) <dragos.prisaca at nist.gov> wrote:
> 
> Hello,
> 
> According to the OVAL Unix System Characteristics schema (https://github.com/OVALProject/Language/blob/master/schemas/unix-system-characteristics-schema.xsd <https://github.com/OVALProject/Language/blob/master/schemas/unix-system-characteristics-schema.xsd>), the priority entity of a process58_item is defined as: “This is the scheduling priority with which the process runs. This can be adjusted with the nice command or nice() system call.”
> On RHEL systems, I believe the priority can be found in the “/proc/{pid}/stat” - item 18 (priority) which is defined as “For processes running a real-time scheduling policy (policy below; see sched_setscheduler(2)), this is the negated scheduling priority, minus one; that is, a number in the range -2 to -100, corresponding to real-time priorities 1 to 99.  For processes running under a non-real-time scheduling policy, this is the raw nice value (setpriority(2)) as represented in the kernel.  The kernel stores nice values as numbers in the range 0 (high) to 39 (low), corresponding to the user-visible nice range of -20 to 19.”
> If my understanding is correct, I would suggest to provide additional clarification in the OVAL specification to avoid any confusion.
>  
> A related issue on RHEL is regarding the ps command and Standard Format Specifiers. The same value stored in stat file can be retrieve by running the command “ps -o priority {pid}”, but ‘ps -o pri {pid}’ returns a different value. For instance, on RHEL6, the ‘man ps’ does not mention any of these standard format specifiers. Any thoughts?
>  
> Since the priority property is spread across all *nix systems, are other systems affected by this issue?
> 
> Any feedback is much appreciated!
> 
> Respectfully,
> Dragos Prisaca
> NVLAP Technical Expert
> NIST SCAP Validation Program | http://scap.nist.gov/validation <http://scap.nist.gov/validation>
> 
> 
> ...
> _______________________________________________
> OVAL_Developer mailing list
> OVAL_Developer at lists.cisecurity.org <mailto:OVAL_Developer at lists.cisecurity.org>
> http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org <http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org>

...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cisecurity.org/pipermail/oval_developer_lists.cisecurity.org/attachments/20160414/6fa734c6/attachment-0002.html>


More information about the OVAL_Developer mailing list